package cn.yoyo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired(required = false)
    UserDetailsService userDetailsService;
    @Autowired
    LoginFailure loginFailure;
    @Autowired
    LoginSuccess loginSuccess;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override// 放行静态资源
    public void configure(WebSecurity web) throws Exception {
        //解决静态资源被拦截的问题
        web.ignoring().antMatchers("/js/**");
        web.ignoring().antMatchers("/image/**");
    }

    @Override// HtppSecurity Htpp请求安全处理
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/api/public/user/go2Login")
                .loginProcessingUrl("/doLogin")// 登录页面的请求
                .usernameParameter("username")
                .passwordParameter("password")
                .successHandler(loginSuccess)
                .failureHandler(loginFailure)
                .and().authorizeRequests() // 所有浏览器请求
                .antMatchers("/api/public/**","/").permitAll()
                .antMatchers("/api/adm/**").hasAuthority("A")
                .antMatchers("/api/admAndcons/logOut").hasAnyAuthority("A","C")
                .antMatchers("/api/cons/**").hasAuthority("C")
                .anyRequest().authenticated()// 需要登陆后才访问
                .and()
                .logout().logoutUrl("/api/admAndcons/logOut")// 开启注销登录并请求注销
                .clearAuthentication(true)// 清楚身份信息
                .invalidateHttpSession(true)// session失效
                .addLogoutHandler(new LogoutHandler() { //注销处理
                    @Override
                    public void logout(HttpServletRequest req,
                                       HttpServletResponse resp,
                                       Authentication auth) {
                    }
                })
                .logoutSuccessHandler(new LogoutSuccessHandler() {     //注销成功处理
                    @Override
                    public void onLogoutSuccess(HttpServletRequest req,
                                                HttpServletResponse resp,
                                                Authentication auth)
                            throws IOException {
                        resp.sendRedirect("/");              //退出成功跳转到首页
                    }
                })
                .and()
                .csrf().disable();    // 禁止跨域
    }

}
